{ "ignored_warnings": [ { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "fbce6d49d56c9753c938428929aad9af6c63832c74d702cc8283d075bcb7ffd2", "check_name": "Execute", "message": "Possible command injection", "file": "app/services/neeto_commons_backend/source_map_publish_service.rb", "line": 35, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`\n curl https://api.honeybadger.io/v1/source_maps -F api_key=#{(ENV[\"HONEYBADGER_JS_API_KEY\"] or ENV[\"HONEYBADGER_API_KEY\"])} -F revision=#{ENV[\"HEROKU_SLUG_COMMIT\"]} -F minified_url=#{file_url} -F source_map=@#{\"public#{URI.parse(file_url).path}\"}.map -F minified_file=@#{\"public#{URI.parse(file_url).path}\"}\n `", "render_path": null, "location": { "type": "method", "class": "NeetoCommonsBackend::SourceMapPublishService", "method": "upload_source_map" }, "user_input": "ENV[\"HONEYBADGER_JS_API_KEY\"]", "confidence": "Medium", "cwe_id": [ 77 ], "note": "Since environment variables are defined in the backend or on the server, it is safe to assume that this cannot be exploited via Command Injection." }, { "warning_type": "SQL Injection", "warning_code": 0, "fingerprint": "fe92186233531a732a25599e4483f19d65481552ef7b10c3e8343dc52332457f", "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/concerns/neeto_commons_backend/sluggable.rb", "line": 14, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "(relation or self.class).where(\"#{slug_field} ~ ?\", \"^#{(\"untitled\" or self.send(value_field).parameterize)}$|^#{(\"untitled\" or self.send(value_field).parameterize)}-[0-9]+$\")", "render_path": null, "location": { "type": "method", "class": "NeetoCommonsBackend::Sluggable", "method": "generate_slug" }, "user_input": "slug_field", "confidence": "Weak", "cwe_id": [ 89 ], "note": "slug_field is defined in the backend. Hence, it is safe to assume this code is not vulnerable to SQL injection."
} ], "updated": "2023-03-24 11:39:52 +0530", "brakeman_version": "5.4.1" }